Cybersecurity should be a focus for businesses of all sizes and in all sectors. Unfortunately, some small and medium-sized businesses (SMBs) believe they are too small to worry about a cyber-attack. This is not true.
The reality is that no business is too small to become the victim of a cyber-attack. In fact, SMBs are at a higher risk for breaches because cybercriminals know they may not have the same robust defenses as larger organizations.
Given that 91% of cyber-attacks start with email, SMB cybersecurity strategies should focus on locking down their email systems.
The Scope of the Issue
The 2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) surveyed 598 companies between 100 and 1,000 employees. What they found was alarming.
Number of Attacks
Of the organizations surveyed, 55% had experienced a cyber-attack and 50% had experienced a data breach within the last year, even though many of these organizations had some type of cyber defense in place. Of organizations that have intrusion detection systems and anti-virus solutions:
- 57% have had some type of exploit (in some cases malware) slip past their intrusion detections systems
- 76% have had an attack slip past their anti-virus software
Overall, 55% of SMBs experienced a cyber-attack over the course of a year.
Types of Attacks
In the last year:
- 43% experienced a phishing or social engineering attack
- 35% were impacted by some type of malware
- 14% were impacted by an advanced malware or zero-day attack
- 2% were impacted by ransomware
The most common SMB attacks involve phishing and social engineering tactics.
Although 2% seems low for ransomware, it is important to remember that these attacks are on the rise, with a 36% increase in worldwide ransomware attacks between 2016 and 2017. Additionally, the impacts of a ransomware attack can be particularly devastating, whether it impacts the businesses’ reputation or finances.
Perceptions of Attacks
Enterprises are starting to realize the importance of using strong SMB cybersecurity solutions to defend their organization.
Surveyed SMBs believe:
- Attacks are becoming more targeted
- Attacks are becoming more sophisticated
- Attacks are becoming more severe
- Anti-malware software is essential
Why? Desirable Data
As we discussed above, many SMBs don’t take sufficient cybersecurity measures because they don’t see themselves as a likely target. However, virtually every organization has customer or other data that criminals can hold ransom or sell on the dark web.
All organizations have desirable data that cybercriminals can use to make money.
Here are just a few examples of how criminals can monetize your data:
- Stolen confidential information from W-2s and other employee paperwork can be sold on the dark web
- Payouts from ransomware infections, especially from organizations who don’t have the tech support or other resources necessary to get their data back other ways
- Use social engineering or spear phishing tactics to steal credentials and gain access to your (or your partner’s or your customer’s) critical systems and data
Unfortunately, the landscape of threats is always changing and evolving, which can make protecting your organization difficult. However, keep in mind that the vast majority (over 90%) of all attacks start with email. If you can just lock-down your email systems, you’re going to much more secure than most organizations.
Predictive Email Defense from Vade Secure
Most organizations rely upon standard email security systems that ship with Office 365, Barracuda, or Proofpoint. However, all of these systems rely primarily upon recognizing a known threat. This is known as signature-based threat evaluation (aka black-listing). It can be highly efficient for dealing with a known threat—but is generally useless against new ones. So the bad guys can just tweak a few lines of their code and get their “new” malware and ransomware past your defenses.
For instance, hackers have created dozens of Locky and CryptoLocker ransomwares variants. Each one typically got past signature-defenses until they were manually identified, added to the blacklists, and the new blacklists were distributed. Vade Secure’s AI-powered email security systems were able to identify every variant starting with the first email. To-date, we’ve stopped every single case of every known variant of these notorious ransomwares.
Signature-based anti-virus and anti-malware solutions can’t protect your organization from advanced email threats.
Our predictive email defense solution is backed by artificial intelligence and supported by a real-time 24/7 global threat center, allowing us to defend against all email threats – even slight variants. We utilize multiple layers of analysis to determine the safety of emails, including:
- Artificial intelligence
- Counter measure detection
- Machine learning
- Real-time reputation
- Future behavior projection
- Webpage exploration
- Domain name exploration
You need predictive email defense to protect your organization from ransomware, phishing, and zero-day attacks.
Robust email defense must be a fundamental part of your SMB cybersecurity strategy if you truly want to protect your organization.
Interested in learning more about our innovative email security solution? Check out the newsletter we worked on with Gartner about Fighting Email Threats with Predictive Defense or contact us for more information or proof of concept.